[Samba] Cannot change passwords on Active Directory Samba from clients

Elias Pereira empbilly at gmail.com
Sat Jun 3 00:42:04 UTC 2017


Anything in the logs?

On Fri, Jun 2, 2017 at 8:01 PM, Luke Barone via samba <samba at lists.samba.org
> wrote:

> Hi list,
>
> We are working on getting Samba version 4.5.8-debian (on Stretch) with
> Active Directory running, and we are running into a major road block.
> Clients (Windows 7 Pro, Windows 10 Pro and Educational) cannot change their
> passwords on their own. We can force the user to reset the password for
> their next login (works), or reset the password with ADUC RSAT as the
> Domain Admin. If the user tries to use "Change Password" from the Ctrl Alt
> Delete menu, it fails with the message:
>
> Unable to update the password. The value provided for the new password does
> not meet the length complexity, or history requirements of the domain
>
> We are out of ideas, and Google is not helping much. Below is the smb.conf
> file from the main domain controller (we troubleshooted by even shutting
> down the secondary DC):
>
> # Global parameters
> [global]
>  bind interfaces only = Yes
>  interfaces = lo enp0s17
>  netbios name = DC1
>  realm = <FQDN>
>  workgroup = <DOMAIN>
>  dns forwarder = <DNS SERVER>
>  server role = active directory domain controller
>  winbind separator = /
>  idmap_ldb:use rfc2307 = yes
>  comment =
> [netlogon]
>  path = /var/lib/samba/sysvol/<DOMAIN>/scripts
>  read only = No
> [sysvol]
>  path = /var/lib/samba/sysvol
>  read only = No
>
> We have disabled all the password policies in Group Policy Management
> Console, as well as using samba-tool domain passwordsettings to disable any
> restrictions, such as minimum password age, and password complexity.
>
> What are our next steps?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Elias Pereira


More information about the samba mailing list